Today's smartphones are a ubiquitous source of private and confidential data. At the same time, smartphone users plagued by carelessly programmed apps that leak important data accident, malicious exploit their given privileges to copy such intentionally. While existing static taint-analysis approaches have potential detecting leaks ahead all for Android use number coarse-grain approximations can yield high numbers missed false alarms.

Today's smartphones are a ubiquitous source of private and confidential data. At the same time, smartphone users plagued by carelessly programmed apps that leak important data accident, malicious exploit their given privileges to copy such intentionally. While existing static taint-analysis approaches have potential detecting leaks ahead all for Android use number coarse-grain approximations can yield high numbers missed false alarms. In this work we thus present FlowDroid, novel highly...

Shake Them All is a popular Wallpaper application exceeding millions of downloads on Google Play. At installation, this given permission to (1) access the Internet (for updating wallpapers) and (2) use device microphone (to change background following noise changes). With these permissions, could silently record user conversations upload them remotely. To give more confidence about how actually processes what it records, necessary build precise analysis tool that tracks flow any sensitive...

Shake Them All is a popular "Wallpaper" application exceeding millions of downloads on Google Play. At installation, this given permission to (1) access the Internet (for updating wallpapers) and (2) use device microphone (to change background following noise changes). With these permissions, could silently record user conversations upload them remotely. To give more confidence about how actually processes what it records, necessary build precise analysis tool that tracks flow any sensitive...

This paper introduces Dexpler, a software package which converts Dalvik bytecode to Jimple. Dexpler is built on top of Dedexer and Soot. As Jimple Soot's main internal rep- resentation code, the can be manipu- lated with any based tool, for instance performing point-to or flow analysis.

In the permission-based security model (used e.g. in Android and Blackberry), applications can be granted more permissions than they actually need, what we call a "permission gap". Malware leverage unused for achieving their malicious goals, instance using code injection. this paper, present an approach to detecting permission gaps static analysis. Using our tool on dataset of applications, found out that non negligible part suffers from gaps, i.e. does not use all declare.

Static analysis has been successfully used in many areas, from verifying mission-critical software to malware detection. Unfortunately, static often produces false positives, which require significant manual effort resolve. In this paper, we show how overlay a probabilistic model, trained using domain knowledge, on top of results, order triage results. We apply idea analyzing mobile applications. Android application components can communicate with each other, both within single applications...

A common security architecture is based on the protection of certain resources by permission checks (used e.g., in Android and Blackberry). It has some limitations, for instance, when applications are granted more permissions than they actually need, which facilitates all kinds malicious usage (e.g., through code injection). The analysis permission-based framework requires a precise mapping between API methods require. In this paper, we show that naive static fails miserably applied with...

Android applications may leak privacy data carelessly or maliciously. In this work we perform inter-component data-flow analysis to detect leaks between components of applications. Unlike all current approaches, our tool, called IccTA, propagates the context components, which improves precision analysis. IccTA outperforms other available tools by reaching a 95.0% and recall 82.6% on DroidBench. Our approach detects 147 based in 14 set 3000 real-world with 88.4%. With help ApkCombiner, is...

We present a growing collection of Android apps collected from several sources, including the official Google Play app market and various metadata those aiming at facilitating Android-relevant research works. Our dataset by far has over five million 20 types such as VirusTotal reports. objective collecting this is to contribute ongoing efforts, well enable new potential topics on Apps. By releasing our set community, we also aim encouraging fellow researchers engage in reproducible...

We present PCLeaks, a tool based on inter-component communication (ICC) vulnerabilities to perform data-flow analysis Android applications find potential component leaks that could potentially be exploited by other components. To evaluate our approach, we run PCLeaks 2000 apps randomly selected from the Google Play store. reports 986 in 185 apps. For each leak reported PCLeaksValidator automatically generates an app which tries exploit leak. By manually running subset of generated apps, 75%...

Inter-Component Communication (ICC) is a key mechanism in Android. It enables developers to compose rich functionalities and explore reuse within across apps. Unfortunately, as reported by large body of literature, ICC rather "complex largely unconstrained", leaving room lack precision apps modeling. To address the challenge tracking ICCs apps, state art static approaches such EPICC, ICCTA AMANDROID have focused on documented framework methods (e.g., startActivity) build their approaches. In...

When created, the Java platform was among first runtimes designed with security in mind. Yet, numerous versions were shown to contain far-reaching vulnerabilities, permitting denial-of-service attacks or even worse allowing intruders bypass runtime's sandbox mechanisms, opening host system up many kinds of further attacks.

Nowadays, an increasing number of applications uses deserialization. This technique, based on rebuilding the instance objects from serialized byte streams, can be dangerous since it open application to attacks such as remote code execution (RCE) if data deserialize is originating untrusted source. Deserialization vulnerabilities are so critical that they in OWASP's list top 10 security risks for web applications. mainly caused by faults development process and flaws their dependencies, i.e.,...

Inter-app communication is a mandatory and security-critical functionality of operating systems, such as Android. On the application level, Android implements this facility through Intents, which can also transfer non-primitive objects using Java's Serializable API. However, API has long history deserialization vulnerabilities, specifically gadget chains. Research endeavors have been heavily directed towards detection chains on Java platform. Yet, there little knowledge about existence...

We discuss the capability of a new feature set for malware detection based on potential component leaks (PCLs). PCLs are defined as sensitive data-flows that involve Android inter-component communications. show common in apps and malicious applications indeed manipulate significantly more than benign apps. Then, we evaluate machine learning-based approach relying PCLs. Experimental validations high performance identifying malware, demonstrating can be used discriminating from